chiefonboarding / ChiefOnboarding / 8211573286

import base64

import io

import json

import time

import uuid

from datetime import timedelta

from json.decoder import JSONDecodeError as NativeJSONDecodeError

import requests

from django.conf import settings

from django.core.exceptions import ValidationError

from django.db import models

from django.db.models.signals import post_delete

from django.dispatch import receiver

from django.template import Context, Template

from django.template.loader import render_to_string

from django.urls import reverse, reverse_lazy

from django.utils import timezone

from django.utils.crypto import get_random_string

from django.utils.translation import gettext_lazy as _

from django_q.models import Schedule

from django_q.tasks import schedule

from requests.exceptions import (

from twilio.rest import Client

from admin.integrations.serializers import (

from admin.integrations.utils import get_value_from_notation

from misc.fernet_fields import EncryptedTextField

from misc.fields import EncryptedJSONField

from organization.models import Notification

from organization.utils import has_manager_or_buddy_tags, send_email_with_notification

class IntegrationTracker(models.Model):

    class Category(models.IntegerChoices):

        EXECUTE = 0, _("Run the execute part")

        EXISTS = 1, _("Check if user exists")

        REVOKE = 2, _("Revoke user")

    integration = models.ForeignKey(

    category = models.IntegerField(choices=Category.choices)

    for_user = models.ForeignKey("users.User", on_delete=models.CASCADE, null=True)

    ran_at = models.DateTimeField(auto_now_add=True)

    @property

    def ran_execute_block(self):

    @property

    def ran_exists_block(self):

    @property

    def ran_revoke_block(self):

class IntegrationTrackerStep(models.Model):

    tracker = models.ForeignKey(

    status_code = models.IntegerField()

    json_response = models.JSONField()

    text_response = models.TextField()

    url = models.TextField()

    method = models.TextField()

    post_data = models.JSONField()

    headers = models.JSONField()

    error = models.TextField()

    @property

    def has_succeeded(self):

    @property

    def pretty_json_response(self):

        return json.dumps(self.json_response, indent=4)

    @property

    def pretty_headers(self):

        return json.dumps(self.headers, indent=4)

    @property

    def pretty_post_data(self):

        return json.dumps(self.post_data, indent=4)

class IntegrationManager(models.Manager):

    def get_queryset(self):

        return super().get_queryset()

    def sequence_integration_options(self):

        return self.get_queryset().filter(

    def account_provision_options(self):

        return self.get_queryset().filter(

    def import_users_options(self):

        return (

class Integration(models.Model):

    class Type(models.IntegerChoices):

        SLACK_BOT = 0, _("Slack bot")

        SLACK_ACCOUNT_CREATION = 1, _("Slack account creation")  # legacy

        GOOGLE_ACCOUNT_CREATION = 2, _("Google account creation")  # legacy

        GOOGLE_LOGIN = 3, _("Google Login")

        ASANA = 4, _("Asana")  # legacy

        CUSTOM = 10, _("Custom")

    class ManifestType(models.IntegerChoices):

        WEBHOOK = 0, _("Provision user accounts or trigger webhooks")

        SYNC_USERS = 1, _("Sync users")

        MANUAL_USER_PROVISIONING = (

    name = models.CharField(max_length=300, default="", blank=True)

    integration = models.IntegerField(choices=Type.choices)

    manifest_type = models.IntegerField(

    token = EncryptedTextField(max_length=10000, default="", blank=True)

    refresh_token = EncryptedTextField(max_length=10000, default="", blank=True)

    base_url = models.CharField(max_length=22300, default="", blank=True)

    redirect_url = models.CharField(max_length=22300, default="", blank=True)

    account_id = models.CharField(max_length=22300, default="", blank=True)

    active = models.BooleanField(default=True)

    ttl = models.IntegerField(null=True, blank=True)

    expiring = models.DateTimeField(auto_now_add=True, blank=True)

    one_time_auth_code = models.UUIDField(

    manifest = models.JSONField(default=dict, null=True, blank=True)

    extra_args = EncryptedJSONField(default=dict)

    enabled_oauth = models.BooleanField(default=False)

    app_id = models.CharField(max_length=100, default="")

    client_id = models.CharField(max_length=100, default="")

    client_secret = models.CharField(max_length=100, default="")

    signing_secret = models.CharField(max_length=100, default="")

    verification_token = models.CharField(max_length=100, default="")

    bot_token = EncryptedTextField(max_length=10000, default="", blank=True)

    bot_id = models.CharField(max_length=100, default="")

    @property

    def skip_user_provisioning(self):

        return self.manifest_type == Integration.ManifestType.MANUAL_USER_PROVISIONING

    @property

    def can_revoke_access(self):

        return self.manifest.get("revoke", False)

    @property

    def update_url(self):

        return reverse("integrations:update", args=[self.id])

    def get_icon_template(self):

        return render_to_string("_integration_config.html")

    @property

    def schedule_name(self):

        return f"User sync for integration: {self.id}"

    @property

    def secret_values(self):

        print(self.manifest["initial_data_form"])

        return [

    @property

    def missing_secret_values(self):

    @property

    def filled_secret_values(self):

        return [item for item in self.secret_values if item["id"] in self.extra_args]

    @property

    def requires_assigned_manager_or_buddy(self):

        return has_manager_or_buddy_tags(self.manifest)

    def clean(self):

        if not self.manifest or self.skip_user_provisioning:

            return

        if self.manifest_type == Integration.ManifestType.WEBHOOK:

            manifest_serializer = WebhookManifestSerializer(data=self.manifest)

            manifest_serializer = SyncUsersManifestSerializer(data=self.manifest)

        if not manifest_serializer.is_valid():

    def save(self, *args, **kwargs):

        super().save(*args, **kwargs)

        if self.manifest_type != Integration.ManifestType.SYNC_USERS:

            return

        schedule_cron = self.manifest.get("schedule")

        try:

            schedule_obj = Schedule.objects.get(name=self.schedule_name)

        except Schedule.DoesNotExist:

            if schedule_cron:

                schedule(

            return

        if schedule_cron is None:

            schedule_obj.delete()

            return

    def register_manual_integration_run(self, user):

        from users.models import IntegrationUser

        integration_user, created = IntegrationUser.objects.update_or_create(

    def cast_to_json(self, value):

        try:

            value = json.loads(value)

        except Exception:

            pass

        return value

    def run_request(self, data):

        url = self._replace_vars(data["url"])

        if "data" in data:

            post_data = self._replace_vars(json.dumps(data["data"]))

            post_data = {}

        if data.get("cast_data_to_json", False):

        error = ""

        files_to_send = {}

        for field_name, file_name in data.get("files", {}).items():

            try:

                files_to_send[field_name] = (file_name, self.params["files"][file_name])

            except KeyError:

                error = f"{file_name} could not be found in the locally saved files"

                if hasattr(self, "tracker"):

                    IntegrationTrackerStep.objects.create(

                return False, error

        response = None

        try:

            response = requests.request(

        except (InvalidJSONError, JSONDecodeError):

        except HTTPError:

        except SSLError:

        except Timeout:

        except (URLRequired, MissingSchema, InvalidSchema, InvalidURL):

            error = "The url is invalid"

        if error == "" and data.get("fail_when_4xx_response_code", True):

            try:

                response.raise_for_status()

            except Exception:

                error = response.text

        try:

            json_response = response.json()

            text_response = ""

        except:  # noqa E722

            json_response = {}

            if error:

                text_response = error

        if hasattr(self, "tracker"):

            try:

                json_payload = json.loads(self.clean_response(json_response))

            try:

                json_post_payload = json.loads(

            try:

                json_headers_payload = json.loads(

            IntegrationTrackerStep.objects.create(

        if error:

            return False, error

        return True, response

    def _replace_vars(self, text):

        params = {} if not hasattr(self, "params") else self.params

        if self.pk is not None:

            params["redirect_url"] = settings.BASE_URL + reverse_lazy(

        if hasattr(self, "new_hire") and self.new_hire is not None:

            text = self.new_hire.personalize(text, self.extra_args | params)

            return text

        t = Template(text)

        context = Context(self.extra_args | params)

        text = t.render(context)

        return text

    @property

    def has_oauth(self):

        return "oauth" in self.manifest

    def headers(self, headers=None):

        if headers is None:

            headers = {}

        headers = (

        new_headers = {}

        for key, value in headers:

            if key == "Authorization" and value.startswith("Basic"):

                auth_details = self._replace_vars(value.split(" ", 1)[1])

                value = "Basic " + base64.b64encode(

            new_headers[self._replace_vars(key) + ""] = self._replace_vars(value) + ""

        return new_headers

    def user_exists(self, new_hire):

        from users.models import IntegrationUser

        if self.skip_user_provisioning:

            try:

                user_integration = IntegrationUser.objects.get(

            except IntegrationUser.DoesNotExist:

                return False

            return not user_integration.revoked

        self.tracker = IntegrationTracker.objects.create(

        self.new_hire = new_hire

        self.has_user_context = new_hire is not None

        if not self.renew_key():

        success, response = self.run_request(self.manifest["exists"])

        if not success:

            return None

        user_exists = (

        IntegrationUser.objects.update_or_create(

        return user_exists

    def test_user_exists(self, new_hire):

    def needs_user_info(self, user):

        if self.skip_user_provisioning:

            return False

        form = self.manifest.get("form", [])

        extra_user_info = self.manifest.get("extra_user_info", [])

        needs_more_info = any(

        return len(form) > 0 or needs_more_info

    def revoke_user(self, user):

        if self.skip_user_provisioning:

            return False, "Cannot revoke manual integration"

        self.new_hire = user

        self.has_user_context = True

        if not self.renew_key():

        revoke_manifest = self.manifest.get("revoke", [])

        self.params = self.new_hire.extra_fields

        self.tracker = IntegrationTracker.objects.create(

        for item in revoke_manifest:

            success, response = self.run_request(item)

            if not success:

                return False, self.clean_response(response)

        return True, ""

    def renew_key(self):

        success = True

        if (

            success, response = self.run_request(self.manifest["oauth"]["refresh"])

            if not success:

                user = self.new_hire if self.has_user_context else None

                Notification.objects.create(

                return success

            self.extra_args["oauth"] |= response.json()

            if "expires_in" in response.json():

                self.expiring = timezone.now() + timedelta(

            self.save(update_fields=["expiring", "extra_args"])

            if hasattr(self, "tracker"):

        return success

    def _check_condition(self, response, condition):

        value = self._replace_vars(condition.get("value"))

        try:

            response_value = get_value_from_notation(

        return value == response_value

    def _polling(self, item, response):

        polling = item.get("polling")

        continue_if = item.get("continue_if")

        interval = polling.get("interval")

        amount = polling.get("amount")

        got_expected_result = self._check_condition(response, continue_if)

        if got_expected_result:

        tried = 1

        while amount > tried:

            time.sleep(interval)

            success, response = self.run_request(item)

            got_expected_result = self._check_condition(response, continue_if)

            if got_expected_result:

                return True, response

            tried += 1

        return False, response

    def execute(self, new_hire=None, params=None, retry_on_failure=False):

        self.params = params or {}

        self.params["responses"] = []

        self.params["files"] = {}

        self.new_hire = new_hire

        self.has_user_context = new_hire is not None

        self.tracker = IntegrationTracker.objects.create(

        if self.has_user_context:

            self.params |= new_hire.extra_fields

            self.new_hire = new_hire

        if not self.renew_key():

        for item in self.manifest.get("initial_data_form", []):

            if "name" in item and item["name"] == "generate":

                self.extra_args[item["id"]] = get_random_string(length=10)

        for item in self.manifest["execute"]:

            success, response = self.run_request(item)

            if polling := item.get("polling", False):

                success, response = self._polling(item, response)

            if continue_if := item.get("continue_if", False):

                got_expected_result = self._check_condition(response, continue_if)

                if not got_expected_result:

                    response = self.clean_response(response=response)

                    Notification.objects.create(

                    return False, response

            if not success:

                if self.has_user_context:

                    response = self.clean_response(response=response)

                    if polling:

                    Notification.objects.create(

                if retry_on_failure:

                    schedule(

                return False, response

            save_as_file = item.get("save_as_file")

            if save_as_file is not None:

                self.params["files"][save_as_file] = io.BytesIO(response.content)

            try:

                self.params["responses"].append(response.json())

            if store_data := item.get("store_data", {}):

                for new_hire_prop, notation_for_response in store_data.items():

                    try:

                        value = get_value_from_notation(

                    except KeyError:

                        return (

                    new_hire.extra_fields[new_hire_prop] = value

                    self.params[new_hire_prop] = value

                new_hire.save()

        for item in self.manifest.get("post_execute_notification", []):

            if item["type"] == "email":

                send_email_with_notification(

                return True, None

        if self.has_user_context:

            Notification.objects.create(

        return True, response

    def config_form(self, data=None):

        if self.skip_user_provisioning:

            from .forms import ManualIntegrationConfigForm

            return ManualIntegrationConfigForm(data=data)

        from .forms import IntegrationConfigForm

        return IntegrationConfigForm(instance=self, data=data)

    def clean_response(self, response) -> str:

        if isinstance(response, dict):

            try:

                response = json.dumps(response)

        for name, value in self.extra_args.items():

            if isinstance(value, dict):

                response = response.replace(

            if name == "Authorization" and value.startswith("Basic"):

        return response

    objects = IntegrationManager()

@receiver(post_delete, sender=Integration)

def delete_schedule(sender, instance, **kwargs):

    Schedule.objects.filter(name=instance.schedule_name).delete()